CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Description
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.
Analysis
This is a critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. It stems from multiple command injection flaws in the web interface combined with hardcoded credentials, which allow authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
Technical Context
The Netcom NTC 6200 and NWL 222 series devices expose a web-based management interface for device configuration and operation. The root cause is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')), indicating that user-supplied input to multiple web endpoints is not properly sanitized before being passed to shell command execution functions. The underlying technology involves HTTP/HTTPS web interfaces that process operator-supplied configuration parameters. The presence of hardcoded credentials compounds this issue by reducing the authentication barrier: attackers may leverage default or embedded credentials to bypass initial access controls. The affected CPE strings are implied to be: cpe:2.3:a:netcom:ntc_6200:*:* and cpe:2.3:a:netcom:nwl_222:*:*, though specific version ranges are not detailed in the provided description.
Affected Products
Netcom NTC 6200 series (all versions until patched). Netcom NWL 222 series (all versions until patched). The advisory references and patch versions are not provided in the intelligence data; however, affected organizations should immediately check Netcom's official security advisories at https://www.netcom.com/security or contact their Netcom support representative for version-specific patch information. The vulnerability affects web interface endpoints used for device configuration, implying all deployment scenarios where the web management interface is accessible are at risk.
Remediation
Immediate actions:
(1) Restrict network access to the web management interface via network segmentation (firewall rules limiting access to trusted administrator networks only).
(2) Change any default/hardcoded credentials if alternative authentication mechanisms exist.
(3) Monitor access logs for suspicious configuration attempts.
Long-term:
(1) Apply security patches from Netcom as released (check Netcom security advisories for specific patch versions).
(2) Implement network-based input validation or WAF rules to block command injection payloads if patches are not immediately available.
(3) Disable the web management interface if not required, using serial console or out-of-band management instead.
(4) Implement network segmentation to ensure management traffic is isolated from general network traffic.
EUVD-2025-16616